package com.example.demo.controller;

import com.example.demo.entity.User;
import com.example.demo.service.UserService;
import com.example.demo.utils.JsonResult;
import com.example.demo.utils.ResultUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;

@RestController
@RequestMapping("/user")
public class UserController {
    @Autowired
    private UserService userService;

    /**
     * 用户登录
     * @return
     */
    @RequestMapping(value = "/login",method = RequestMethod.POST)
    public JsonResult userLogin(@RequestBody User user){
        return userService.userLogin(user);
    }

    /**
     * 从请求头中解析出账号 并对当前账号进行注销
     * @return
     */
    @RequestMapping(value = "/userExit",method = RequestMethod.POST)
    public JsonResult userExit(HttpServletRequest httpServletRequest){
        return userService.userExit(httpServletRequest);
    }

    /**
     * 测试权限接口
     * SecurityExpressionRoot中定义了
     * @return
     */
    @PreAuthorize("hasAuthority('student:select')")
    @RequestMapping(value = "/test1",method = RequestMethod.GET)
    public JsonResult testUser(HttpServletRequest request){
        return  ResultUtil.success("测试成功");
    }

    @PreAuthorize("hasAuthority('admin:select')")
    @RequestMapping(value = "/test2",method = RequestMethod.GET)
    public JsonResult testAdmin(HttpServletRequest request){
        return  ResultUtil.success("测试成功");
    }


    @PreAuthorize("@xp.hasAnyAuthorityName('teacher:select','admin:select')")
    @RequestMapping(value = "/test3",method = RequestMethod.GET)
    public JsonResult testLogin(HttpServletRequest request){
        return  ResultUtil.success("测试成功");
    }
}
